How to create an API token for a cPanel user

  WHM

Introduction

This guide explains how to generate an API token for an individual cPanel account. The generated token inherits the same permissions and access level as the cPanel user that created it, allowing authenticated access to cPanel API functions without using the account password.

If you need an API token with customized permissions or restricted access, refer to the documentation linked in the Additional Resources section.

Generate an API Token via the cPanel Interface

  1. Log in to cPanel using the desired cPanel account.
  2. Navigate to Manage API Tokens.
  3. In the Token Name field, enter a descriptive name for the token. This name is used for identification purposes only and can be any value that helps you recognize its intended use.
  4. Choose an expiration date for the token, or leave the expiration setting disabled if you do not want the token to expire automatically.
  5. Click Create.
  6. Copy the generated API token and store it in a secure location.

Important: The token value is displayed only once. If it is lost, you will need to revoke the token and create a new one.

Generate an API Token via SSH or Terminal

Note: This method is currently affected by a known issue and may not function as expected. You can follow updates on the defect using the link provided in the Additional Resources section.

Known Issue: UAPI - Tokens::create_full_access requires root access

Create a Token Without an Expiration Date

  1. Log in to the server via SSH as the cPanel user, or open the Terminal interface within cPanel.
  2. Run the following command, replacing the username and token name with your own values:
uapi --user=username Tokens create_full_access name='exampleToken'
  1. Copy the generated token and store it securely.

Create a Token With an Expiration Date

To create a token that expires after 24 hours, first generate a future Unix epoch timestamp:

twentyFourHoursFromNow=$(date +%s -d "$(date) + 24 Hours")

Then create the token using the expiration timestamp:

uapi --user=username Tokens create_full_access \
  name='exampleToken' \
  expires_at=$twentyFourHoursFromNow

After the command completes, copy the returned token and store it in a secure location.

Security Recommendations

  • Store API tokens securely and treat them like passwords.
  • Use expiration dates whenever possible.
  • Revoke tokens that are no longer needed.
  • Never share API tokens through email, chat, or other unsecured communication channels.

Additional Resources

Known Issue: Tokens::create_full_access requires root access

cPanel API Token Documentation

UAPI Tokens Module Documentation

Conclusion

API tokens provide a secure and convenient way to authenticate cPanel API requests without exposing your account password. Whether generated through the cPanel interface or via command-line tools, API tokens allow applications, scripts, and integrations to interact with cPanel using the permissions assigned to the account that created them.

To maintain account security, store tokens securely, use expiration dates when appropriate, and regularly review and revoke any tokens that are no longer required.

LEAVE A COMMENT